[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Root filesystem encryption update



Tony Nelson wrote:
At 4:50 PM -0500 6/18/07, Bruno Wolff III wrote:
On Mon, Jun 18, 2007 at 16:51:55 -0400,
 Jeremy Katz <katzj redhat com> wrote:
On Mon, 2007-06-18 at 14:07 -0500, Bruno Wolff III wrote:
 ...
Heck, for key maps there probably aren't so many that you can't try
multiple possibilities after getting the password.
There are at least 30-40 that we allow in the installer alone at the
console.  find -type f /lib/kbd/keymaps/i386 | wc -l gives around 140.
I don't think that trying either is really that practical.
40 probably isn't too many to make trying them all impractical. I expect
that it will take less than a second to try each one even with measures
to slow down password guessing. That's not nice for suspend resume, but
wouldn't be a deal breaker for initial boots.
 ...

Couldn't it just start with the one that worked last time?

Not really. We need to ask for the passphrase during thaw, in the initrd. At that time, the filesystem containing /boot is in the mounted state, so we can't mount it to write the data anywhere. There's also no mechanism to pass data from the running kernel to the one we're restoring into memory, which means we can't save the data during the userland thaw sequence, either.

--
  Peter


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]